hi sparks,
We would also produce a DB clone for development purposes.
Yes. The problem lies in that one time that you copy off the live site to a development directory, forget to change the configuration.php file (or its equivalent), and mangle the live database as a result.
With a local test environment, you can't do that (assuming your remote site database is setup in a sane way to only allow localhost access).
Fire in the Data Center? ... have a look at deg.ie , they probally have all the info there on fire suppression etc.
Fire was the first thing I thought of, but there are many others that the data centre company can't prevent. Granted, we get few earthquakes here, but we do get terrorist attacks (or used to at least, but I'm a pessimist
), muppets with JCBs digging up cables, etc, etc, etc. And while the hosting company will
try to prevent this sort of thing, you're still the one that suffers if they slip up. At least with local environments, you have your copy of the site in subversion, so you can get back up and running with somone else a bit faster.
To be honest, the only real risk of using a live server as a test environment would be through sloppy or experimental coding. This could increase server load if you had multiple sql queries running in an eldless loop for instance. If there was any significant risk of our dev. work affecting live websites, we would indeed use a local machine.
And if there was any significant risk of me being in a car accident, I'd put on my seat belt just before the crash.
Let's be realistic here, your clients web apps. are exposed to a greater risk from other sources.... being on a shared box for instance where you don't know who is doing what with other sites, or using a box where open source apps. are running (Joomla etc.). In terms of a discussion about risk reduction, these factors are of a far greater consequence.
First off, we're not talking about a shared box, but colocation. Or at least I was. Shared boxes, we agree on this, are a bit more risk than I'd like for something critical.
Secondly, I'll trust something that's open source like Joomla or PHP or Apache or Postgres or Linux (heck, even MySQL) long before I'll trust something closed source where I can't figure out what the heck just went wrong. And in terms of risk reduction, I'd put development on the live server by a new employee who's not yet up to speed and on whose job-specific training your uptime is depending as being about the biggest risk going.